Over 1 million tech questions and answers.

constant popups in IE and Firefox, Hijack this log included.

Q: constant popups in IE and Firefox, Hijack this log included.

Hello,
I have been receiving popup's while surfing the net in IE and Firefox. If there is no explorer or firefox window open the popups do not occur. For a while the popup would come up and there would be not data whatsoever in the internet explorer box. Within the past two weeks that has changed and now the popups are connecting to sites like clickarrows.com and vidshadow.tv. Here is my hijack this log. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:16 PM, on 5/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\utorrent\utorrent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mike and Sarah\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6.4/GarminAxControl.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} (Live365PlayerVIP Class) - http://www.live365.com/players/p365vip.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/23.17/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179298398171
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179298391890
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://crucial.com/controls/cpcScanner.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 8952 bytes

RELEVANCY SCORE 200
Preferred Solution: constant popups in IE and Firefox, Hijack this log included.

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: constant popups in IE and Firefox, Hijack this log included.

Read other 16 answers
RELEVANCY SCORE 70

constant popups and redirects while running firefox, but the popups are from IE 7

here is my hijack this log file

Logfile of HijackThis v1.99.1
Scan saved at 9:34:45 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\eric\Desktop\VundoFix.exe
C:\Documents and Settings\eric\Desktop\HJT1991.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer... Read more

Read other answers
RELEVANCY SCORE 70

Hello all !!
I'm new to this forum and need some major help with my XP pro machine. As of yesterday I'm starting to get constant popups when I access the internet. I am using IE7. Here is my HiJackThis log, see below. Any help would be greatly appreciated with this. Thanks!!!!
Logfile of HijackThis v1.99.1
Scan saved at 2:07:01 PM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Roxio Sh... Read more

A:Solved: Constant Popups on my XP - HiJackThis included!

Read other 11 answers
RELEVANCY SCORE 70

Hi All,

I am currently experiencing hijacked web browsers, constant and annoying popups, and a general slowdown of my system. I have attached a HJT logfile post Vundo removal fix and would greatly appreciate any help.
Thanks in advance,
Kutty

Logfile of HijackThis v1.99.1
Scan saved at 12:29:36 PM, on 4/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\AOL\1142100559\ee\SSCEvtHdlr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Common Files\AOL\1142100559\ee\a... Read more

A:Constant Popups and Hijacked Processes, HJT log included

Welcome to TSG

Please download
VundoFix.exe
to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button."
when VundoFix appears at reboot.
 

Read other 1 answers
RELEVANCY SCORE 69.2

Hi, since 2 days ago, i have been attacked by some type of ad ware. There were constant pop up message boxes stating that your computer is under risk, and that you should download the recommenced anti virus. I ran ad-aware, and it got rid of some of the problems. However, there is still a problem. Internet Explorer keeps opening up and it goes to random websites (category is very random, cant describe it). I ran Hijack this and here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:04 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Dell Support Ce... Read more

A:Help! Constant Internet Explorer popups! log file included

Hello! Welcome!

( 1 )

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

MyWaySA { Everything Rleated to MyWay.

_____________

Download the latest version of Java Runtime Environment (JRE) 6/05

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.

Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

( 2 )

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if... Read more

Read other 1 answers
RELEVANCY SCORE 67.2

Could someone take a look at this log. Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:50 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mike and Sara... Read more

A:Constant pop-ups, hijack this log included

Still having the same problems. I have constant pop ups that only occur when internet explorer is open and they happen to pop up between 20 seconds and 2minutes. I have tried spybot, adaware and avast. I originally posted a hijack log in April. I am in the Navy and havent really been home since then. I would really appreciate any and all help that can be given. thank you. Here is an updated hijack this log.

To add more information: the popups are usually just blank internet explorer pages that say connecting on them. Sometimes they connect to random sites. As soon as I have examples of those random sites I will post them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:24:50 PM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32... Read more

Read other 2 answers
RELEVANCY SCORE 66.4

First time posting. My brother's computer has been infected by some nasty malware. Whenever I open IE or Firefox there are popups, like stopzilla, antivirus scanner and even google. Try different antivrius programs but still couldn't fix the problem. Hopefully someone can help me. Thanks in advance!

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:17:30, on 13/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C... Read more

A:Constant popups from both IE and Firefox

Please download SDFix by Andy Manchesta and save it to your desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please reboot into Safe Mode In Safe Mode, right click the SDFix.zip folder and choose Extract All, A new folder will be extracted to your %systemdrive%, typically C:\SDFix Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.NEXTPlease make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.If ComboFix asked ... Read more

Read other 8 answers
RELEVANCY SCORE 66.4

Hi, this has been a problem for a little while, I keep getting 2 ie pop-ups at random times when using firefox. I tried using kaspersky internet secruity for a scan but that did not help one bit. This is so fustrating, I don't know what else to do, Please help.

I did the Hijack this, and it made me a log. Im using windowsxp sp2. I hope I did this right. Thanks for anyone's help. Oh the firewall gives me a waring first right before it happens. it says C:windows\explorer.exe is trying to do something then I get the 2 pop-ups

Logfile of HijackThis v1.99.1
Scan saved at 8:00:44 PM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\reals... Read more

A:Constant ie popups when im using firefox

Hi Tahj35,

Sorry for the delay in looking into your log, as we are extremely busy in this section of the forums. If you still require assistance and are not seeking help elsewhere, then please carry out my instructions.

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on al... Read more

Read other 3 answers
RELEVANCY SCORE 66.4

Getting constant popups in IE and firefox to random sites including Funny or Die, self help scams, and sites that ESET NOD32 does not allow to open. Several registry edit attempts were foiled by Spybot. Ive run ESET NOD32 and Spybot to try to clean up w/e is causing the popups but have had no luck. I hope someone can help me.
======================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:25 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program F... Read more

A:Getting constant popups in IE and firefox. Please help

Read other 6 answers
RELEVANCY SCORE 66.4

Hi,
I've been having pop-up windows showing up regularly in Internet Explorer 6 and Firefox 2, on a Windows XP Home SP2 system, over the past few days. Most of these pop-ups advertise what really looks like rogue antispyware and other junk.
I have run the five steps.
Any idea how to get back on my feet ?
Thanks guys.


Deckard's System Scanner v20070905.67
Run by kouye on 2007-10-08 18:08:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
32: 2007-10-08 16:09:01 UTC - RP32 - Deckard's System Scanner Restore Point
31: 2007-10-08 16:00:27 UTC - RP31 - Supprim? Ma-Config.com plugin
30: 2007-10-07 20:51:44 UTC - RP30 - Software Distribution Service 3.0
29: 2007-10-07 17:57:58 UTC - RP29 - Point de v?rification syst?me
28: 2007-10-06 17:57:34 UTC - RP28 - Point de v?rification syst?me


-- First Restore Point --
1: 2007-07-23 21:18:02 UTC - RP1 - Point de v?rification syst?me


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-10-08 18:10:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\sys... Read more

A:Constant popups in IE 6 and Firefox 2

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's run... Read more

Read other 7 answers
RELEVANCY SCORE 66

Hi everyone, I am attempting to save some data on an old computor, but it has become nigh impossible due to constant winmgmt.exe error pop-ups, I was hoping someone could help me tackle this beast.

In a nut shell, I am recieving an error pop-up that reads "Winmgmt.exe has generated errors and will be closed by windows, you will need to restart the program" roughly every 2 seconds, sometimes even shorter intervals. I have run AVG, Ad-aware 6, and Spybot search and destroy, allof which have removed various things, but the problem persists.

I am currently running windows 2000 pro, with SP4.

Here is my Hijack this Log;

Logfile of HijackThis v1.99.1
Scan saved at 2:58:37 PM, on 12/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\QuickTime\qttask.ex... Read more

A:Solved: Winmgmt.exe Constant PoP-Up Help. Hijack this included

Read other 10 answers
RELEVANCY SCORE 65.6

Recently, IE popups have started to appear while I surf firefox. I otherwise do not use IE. I don't recall visiting any new websites either, so I am unaware of the popup origins.

The following is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:05:07 PM, on 7/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\rea... Read more

A:IE Popups while using Firefox (HJT Log included)

Also, I use windows xp.
 

Read other 2 answers
RELEVANCY SCORE 65.6

hi, recently i keep getting Internet Explorer popups even though im using Firefox. i've done three scans with ad-aware, spybot search & destroy and spyware doctor and none have been able to remove the problem. usually i get a popup when i first open Firefox and then i get them every few links clicked so i'm hoping this can be sorted soon =D

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 14:22:17, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\IA\command.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\PROGRA~1\... Read more

A:IE popups when using firefox (HJT log included)

by the way i should add that every now and then i get a different kind of popup too. I think it's something like a java type popup, could be wrong, but it's always a 'search the web' kind of popup and sometimes comes up once i've search for something.
 

Read other 2 answers
RELEVANCY SCORE 65.6

Hello, I'm a windows vista user. I've always never had problems with firefox but recently it's been giving me a headache. There's constant popup and crashing ten minutes or so. Sometimes its because of the DEP. Sometimes explorer.exe crashes along with firefox and I lose the internet connection for a while. I've tried avg, norton08,spydoctor, and spybot but they don't help at all.

My Hijack Log::

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:42 PM, on 6/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8... Read more

A:Firefox: popups and constant crashing

Read other 7 answers
RELEVANCY SCORE 65.2

HERES THE HIJACK THIS LOGFILE. I SEEM TO BE GETTING INTERNET EXPLORER POPUPS WHILE USING FIREFOX. PLEASE HELP!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:36 AM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\... Read more

A:Help IE popups while in Firefox HJT Logfile included

Read other 11 answers
RELEVANCY SCORE 65.2

Help please!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:42:57 PM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\timm\Desktop\Unused Desktop Shortcuts\HiJackThis_v2.exe

O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\tuvwwut.dll
O2 - BHO: (no name) - {6990632D-E263-4EC1-AF95-5A659E848269} - C:\WINDOWS\system32\pmkji.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\qotwmgjg.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.d... Read more

A:IE popups on Firefox and WMP not working, HJT included

Read other 7 answers
RELEVANCY SCORE 64.8

Ok. I somehow contacted a particularly nasty virus/spyware, and while a lot of it I managed to clean, the popups that are the main effect remain. As far as I can tell that's my only problem, but it's highly annoying, and I seem to have infections that AVG Virusscan refuses to delete.

Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:36:52 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Software Internationals\MuckClient\muckclient.exe
C:\Program Files\Software Internationals\MuckClient\muckclient.exe
C:\Program Files\Software Internationals\MuckClient\muckclient.exe
C:\Program Files\CDmax\CDmax.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\... Read more

A:Constant popups (in Firefox, default browser)

Hello TerraEpon and welcome to TSF

I reccommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
If after the reboot the log does not open double click on it in the l2mfix folder.

Read other 19 answers
RELEVANCY SCORE 64.8

Dunno if I did everything correctly.. But here's what i got..

Let me know if anything else i need to let u kno..

Thanks in advance..

Flowz

Deckard's System Scanner v20071014.68
Run by ZuluFloW on 2008-05-13 09:20:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.56 GiB (less than 15%) free.


-- HijackThis (run as ZuluFloW.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:34 AM, on 5/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Pr... Read more

A:Constant popups in Firefox Malware issues - Please HELP

Quote:




Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.




Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly

----------------------------------------------------------------------------------------
I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.
Flash Disinfector by sUBs
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
* Double-click Flash_Disinfector.exe to run it.
* Follow any prompts that may appear.
* Wait until the program has finished scanning, then please exit the program.
The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
Please restart your comp... Read more

Read other 17 answers
RELEVANCY SCORE 64.4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:16 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Video ... Read more

A:need help with popups (hijack this log included)

Welcome to TSG

Please download SmitfraudFix
to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 1 answers
RELEVANCY SCORE 64

Please, I need somebody's help. Norton anti-virus keeps telling me (70 instances in a matter of minutes) that I have a vundo virus loctaed somewhere C://WINDOWS/system32. I have run vundo fix, but it found no vundo viruses. I constantly get both firefox AND internet explorer pop-ups when the internet is connected, ESPECIALLY an anti-virus 2009 scan pop up that keeps trying to scan my computer. Can anybody help me figure out the problem??Here is my HiJackthis log. please help!! Thank youLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:40:49 PM, on 12/8/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\D-Link\D-Link RangeBooster N DWA-542\acs.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Symantec AntiVirus\DefWatch.exe... Read more

A:Norton says I have Vundo virus..constant popups in firefox...please help!

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..Note: DO NOT mouseclick combofix's window while its running. That may cause it to stallNEXTPlease download GMER and unzip it to your Desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.Post these logs in your next reply..1. ComboFix2. A fresh HijackThis log3. Attach GMER reportRegardsfenzodahl512

Read other 2 answers
RELEVANCY SCORE 64

At first it was just popups of shopping websites, then i downloaded the "Yes popups" addon for firefox and i stopped getting them on there (but still on IE) and started getting antivirus 2009 popups.
Mcaffee and spybot S&D come up with nothing.

HJT log here. thx in advance

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:40, on 03/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDO... Read more

A:constant popups on firefox and ie - av2009 - logs attached

it sounds like this guy has the same problem as me
http://forums.techguy.org/malware-removal-hijackthis-logs/774970-pop-ups-anti-spy-adware.html
 

Read other 1 answers
RELEVANCY SCORE 63.6

Hello...for the past week or so I have been getting frequent browser crashes/error messages. It's happened most on IE, but has happened on Firefox & Netscape as well. The timing seems random - it could be immediately upon browsing or it could be after 10 hours. The error messages are always slightly different, but they always seems to point to a file similar to: C:\DOCUME~1\DCL\LOCALS~1\Temp\c5f5_appcompat.txt. I am pasting a few of the recent details from error messages:

* szAppName : iexplore.exe szAppVer : 6.0.2900.2180 szModName : hungapp
szModVer : 0.0.0.0 offset : 00000000

* AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: flash9d.ocx
ModVer: 9.0.47.0 Offset: 00099a25

* AppName: iexplore.exe AppVer: 6.0.2900.2180 ModName: urlmon.dll
ModVer: 6.0.2900.3231 Offset: 0003b5ce

AppName: netscp.exe AppVer: 7.2.0.0 ModName: xpcom.dll
ModVer: 1.7.20040.14879 Offset: 00007e09

Additionally, I am pasting a current HiJack This log below. Any assistance would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 1:03:22 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:... Read more

A:Constant Browser Crashes & appcompat.txt Error Mesgs (Hijack This Log included)

Read other 7 answers
RELEVANCY SCORE 63.6

Good day all. Haven't had major issues for awhile until now. We are being overrun by popups in IE. Even when I use Firefox, IE starts on its own at various times . Any help is appreciated. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:30 AM, on 11/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
C:\... Read more

A:Massive popups-Hijack this included

Good day all! Here is alittle bit of information. AVG found these two items.

Trojan Horse generic3.uns
Trojan Horse bho.clm

AVG supposedly deleted them but were back after start up.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:30 AM, on 11/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\ms... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

For the past few weeks, I have been getting popups like crazy.
Most come up with the title Aurora in their own browser window.
I have ran Adaware, Spybot, & Microsoft's spyware scanners and each found VX2. I told each program to remove the files, but the popups still occur. Also, none of the spyware scanner find anything infecting the machine.

Here is a copy of the HJT log. Any help would be most appreciated!!
Logfile of HijackThis v1.97.7
Scan saved at 10:29:47 AM, on 4/21/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Norton\pcAnywhere\awhost32.exe
C:\WINNT\System32\svchost.exe
d:\Ip Commander\DIPSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Norton\Anti Virus 2002\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\SonorkServer\srksvr.exe
D:\WatchGuard\CONTROLD.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
D:\Norton\ANTIVI~2\navapw32.exe
C:\WINNT\system32\ctfmon.exe
D:\Client Manager\CMAGS.EXE
D:\WatchGuard\controldGUI.exe
C:\WINNT\system32\wisptis.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\MICROS~1\Office10\OUTLOOK.EXE
D:\M... Read more

A:Aurora Popups - Need help - HiJack Log included

hi, welcome to TSG.

It's ok, this works.

Mypctuneup.com performs technical support for a number of companies and we are sorry to hear that advertising software is causing you problems. We will gladly assist you in removing our partners' advertising software from your computer as expeditiously as possible.
From our website you can scan your PC and determine whether or not the software is installed on your machine, and if so, you can then choose to uninstall. To run the uninstall tool click on the link below:
http://www.mypctuneup.com/evaluate.php
Or go to www.mypctuneup.com and click on free uninstall tool and follow the steps.
hoster
Download the Hoster from: http://members.aol.com/toadbee/hoster.zip. UnZip
the file and press "Restore Original Hosts" and press "OK". Exit Program.

Run an online antivirus check from

http://www.kaspersky.com/beta?product=161744315

you will need to input a name
and email adress but anyone will do & then acccept an active X control IT IS
SAFE to do soLET IT FIX WHATEVER IT FINDS

go to this site and download these tools and once you get both
adaware and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for neglible risk entries".
Click next to start the scan.Delete everything adaware finds.

reboot and now run spybot

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.

reboot again
Wi... Read more

Read other 1 answers
RELEVANCY SCORE 63.6

please help me to remove the bad stuff and keep the good stuff. I have Mcaffee virus scan. Thank you.
Logfile of HijackThis v1.99.0
Scan saved at 12:33:12 PM, on 12/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\PROGRA~1\McAfee.com... Read more

A:POPUPs galore/hijack log included

Read other 8 answers
RELEVANCY SCORE 63.6

cruising the net earlier today i noticed random popups from sites like google which never have them, running spybot i saw i had quite a few things, under the name of virtumonde
i restart my computer hoping i'm ok, and no, still get popups, i scan again, and the same things i previously removed were still there
i opened up a program called autoruns and found the items in my registry, removed them, only to have them being copied again just as fast as i deleted one of them... what is going on here?

Logfile of HijackThis v1.99.1
Scan saved at 12:14:40 AM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\avgwdsvc.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sv... Read more

A:Please save me from popups, Hijack Log Included

bump

please help me
 

Read other 1 answers
RELEVANCY SCORE 63.6

The title pretty much explains everything. I've run Spybot a lot, and I can tell you that the one that always shows up is callinghome.biz. Hijack this log follows:

Logfile of HijackThis v1.99.1
Scan saved at 4:42:58 PM, on 4/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\J... Read more

A:Problems with popups, etc. Hijack This log included

Hi Imnotclever

Welcome to TSG!

Go here and download Ad-Aware SE.

Install the program and launch it.

First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

From main window :Click Start then under Select a scan Mode tick Perform full system scan.

Next deselect Search for negligible risk entries.

Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

Restart your computer.

Go here and download Microsoft Antispyware Beta. First in the top menu click File then Check for updates to download the definitons updates.

After updating look in the right side of the main window under "Run Quick Scan Now" and click Spyware scan options. In that window put a tick by Run a full system scan and then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds (have it quarantine the items that have that option rather than delete just in case. It is a beta program and there may be false positives)

Restart your computer.

Come back here and post another Hijack This log and we'll get rid of what's left.
 

Read other 3 answers
RELEVANCY SCORE 63.6

I have and use both IE and Firefox on my computer and get different problems with each.

With IE I get constant pop-ups including the nasty ones with the fake antivirus programs such as Bestseller Antivirus. Also I often get a message of buffer overrun detected...explorer.exe must shut down...though it generally stays open (I suppose it may be one of the popups that is trying to open and is being shut down.)

With Firefox I don't seem to be getting popups...but instead I will often click on a link which causes Firefox to simply crash.

I have gone through the 5 step process and will attach the various logs requested. Also, before I came here someone gave me advice (not sure if it was good or not....) so here is what I have done already:

Installed and ran cwshredder.

Installed and ran vundofix.exe. Vundofix told me to delete about 10 files...though it was unable to delete one of them (jkkjheb.dll) even after a re-boot. As to one of the files that was deleted - (qhwmyabl.dll) ...there may be another problem. When I boot up the computer I get a message that some process can not load because qhwmyabl.dll can not be found. I don't know what program isn't loading and I did a search for that dll but found no mention of it. (If you need the names of the other files deleted by Vundofix let me know as I made a list of them.)

OK...I am posting the HijackThis Log main.txt and the Panda log and am attaching the extra.txt log as well. Thanks in advance for your h... Read more

A:[SOLVED] Constant Popups with IE/buffer overruns...Firefox crashing

Hello maineiac, and welcome to TSF.

My apologies for the delay. We're all volunteers, and we've been swamped.
We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/comb...o-use-combofixWhen the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new DSS log so we may continue cleaning the system.
-screen317

Read other 14 answers
RELEVANCY SCORE 63.6

Hi,

I was previously being helped in another thread. Here's the link. http://www.bleepingcomputer.com/forums/topic402605.html/page__p__2283536__fromsearch__1#entry2283536

I was told to follow the steps in the preparation guide and to then post a new thread here.

After 2 hrs of using my computer, the top portion of firefox and other windows will be missing along with text.
Soon after nothing can be viewed in the window and it starts to become extremely slow.
If I try to reopen firefox I will get this message
"C;\Program Files\Mozilla Firefox\ xul.dull is not a valid Windows image. Please check this against your installation diskette"

If I try to open things in the control panel I will get this message "The application failed to initialize properly (0xc0000142). Click on OK to terminate the application".
I cannot shut down or restart my computer when this happens.

Mbam scans do not find anything.

I am at a loss as to what to do. I do not want to buy a new computer...

I included all the logs from the preparation guide.

Thanks in Advance!

A:Top portion of firefox window missing and constant error popups

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more

Read other 30 answers
RELEVANCY SCORE 63.2

CiD adserver5.com Pop-ups!HELP ME GET RID OF THEM PLLLLEEEAASSEEEE!

I have downloaded about 20 difference virus/adware/spyware scans and none of them have picked up on or fixed my constant pop-ups from
CiD adserver5.com

I've got McAfee and that hasnt picked up on it and AOL spyware protection hasnt picked up on it either.

None of all the other scans ive downloaded off the net have found it either.

I've looked on my add/remove programs list and i havent seen anything from messenger or anything saying CiD on it. I dont know what else to do now, ive tried sooo many scans from soo many different places and it still isnt fixed

ITS SOOOO annoying!!Im trying to study and I get about 6 pop-ups every couple of minutes and then my aol will freeze and then my comp will freeze.

I do have msn messenger but as far as i can see there are no add-ons and nothing in the add/remove program list.

Alot of my programs are non-responsive aswell and my automatic updates (security center) KEEPS on turning off, when i turn it back on it only lasts a few minutes and turns off again and when i re-boot it is off again.

I have Windows XP and im using aol wireless broadband if that helps?

Im not exactly a computer whizz and i need to solve this asap as i must get on with my course.

HERE IS MY HIJACKTHIS LOG IF THAT HELPS ANYONE?? I wouldnt mind any other solutions other han hijack aswell.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:27, on 11/08/2008
Platform: Wind... Read more

A:Solved: Ignored post PLEASE HELP with my CiD popups-Hijack This Log included

Read other 15 answers
RELEVANCY SCORE 63.2

Logfile of HijackThis v1.99.0
Scan saved at 18:17:13, on 2005-06-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Microsoft Hardware\Mouse\point32.exe
C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\iTunes\iTunesHelper.exe
C:\DOCUME~1\JOHANA~1.KUN\LOKALA~1\Temp\$wc0\FREERA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program\VeriSign\NAVI\naviagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program\iPod\bin\iPodService.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\WinCmd\wincmd\WINCMD32.EXE
C:\Program\Hijack\HijackThis.exe
C:\Program\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://login1.telia.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = IE_Window_T... Read more

A:Solved: 20 Popups/minute PLZ HELP ME !! Hijack log included.

DL and run http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/EliteToolbar-Remover.shtml

Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitepam32.exe

O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\temp532.exe -N

O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\JOHANA~1.KUN\LOKALA~1\Temp\$wc0\FREERA~1.EXE" -win

O9 - Extra button: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra 'Tools' menuitem: MultiPoker - {641F4F4E-6C91-4159-869E-9F5CE6F0F64E} - C:\Program\MultiPoker\MultiPoker.exe (file missing)

O9 - Extra button: i-Nav – hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

O9 - Extra 'Tools' menuitem: i-Nav – hjälp - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

C:\windows\system32\elitepam32.exe
C:\WINDOWS\system32\temp532.exe
C:\DOCUME~1\JOHANA~1.KUN\LOKAL... Read more

Read other 3 answers
RELEVANCY SCORE 63.2

I have been trying to sort out my friends laptop as it was full of cr*p and viruses...
I have got it running a hell of alot better than it was but 2 things i am having trouble with are those CiD popups and for some reason, when the laptop has a slow moment the desktop icons seem to randomly disappear and then reappear.
Its very odd.

Any help would be greatly appreciated.

please be aware that im not a pc genius i just know the basics
 

A:PLEASE HELP...CiD popups and very slow laptop hijack this log included PLEASE HELP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:04, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Logitech... Read more

Read other 2 answers
RELEVANCY SCORE 62.8

Hey hows it goin?

My computer started acting up about a week ago,all the information is in the hijack this log so ill just let you look throught it, i need this computer to be up and running because I'm a recording studio engineer and producer, this is my studio computer, so this is not helping with my business.. lol.. I think i got it when i was browsing for a singing telegram for my girlfriend, saw something about a video, said i needed a codec, and i installed it..

From what i see everything tries to connect to 89.188.16.22 if that helps

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:40 PM, on 4/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\rundll3... Read more

Read other answers
RELEVANCY SCORE 62.4

My Windows XP computer has started acting really weird. Firefox suddenly has popups for phony PC protection programs; I can't run error-checking or defragmentation on the C drive; Norton doesn't seem to be running at all (and the system tray icon doesn't appear automatically anymore).

One factor in the Norton problem might be that I switched from cable to DSL, and the DSL service randomly boots the computer and has other issues.

I've run Norton and Ad-Aware several times and they removed a virus and some malware and spyware, but that didn't help.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:36:37 PM, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend... Read more

Read other answers
RELEVANCY SCORE 62.4

This started about a week ago. I get popups like this: http://i.imgur.com/woPGCeq.png (screenshot) and webpages all stick double-underlined links into their text like this: http://i.imgur.com/w0zDkVW.png (screenshot).
 
I ran Malwarebytes, it removed a bunch of stuff, but apparently not what is causing these symptoms. Here's my log:
 Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.12.14.05Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476MacFall :: MACFALL-PC [administrator]12/14/2013 12:58:10 PMmbam-log-2013-12-14 (12-58-10).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 222271Time elapsed: 9 minute(s), 46 second(s)Memory Processes Detected: 1C:\ProgramData\QuickSet\SK.Enabler\SK.Enabler.exe (PUP.Optional.MultiPlug.A) -&gt; 696 -&gt; No action taken.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 5HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1495795506 (PUP.Optional.MultiPlug.A) -&gt; Quarantined and deleted successfully.HKCU\SOFTWARE\PerformerSoft\PC Performer (PUP.Optional.PCPerformer.A) -&gt; Quarantined and deleted successfully.HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -&gt; Quarantined and deleted successfully.HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -&gt; Quarantined and dele... Read more

A:Firefox opens tabs to sites like "findsection.net". Also, popups. Logs included

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.AdwCleaner created by Xplode.Junkware Removal Tool created by thisisu.
1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.Important: Do not reboot your computer until you complete the next step.
2. Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of... Read more

Read other 5 answers
RELEVANCY SCORE 61.6

Hello All

I have really tried to find an answer looking at others posts but it seems like each persons problem is unique to their computer.

I never had any spyware problems before so I'm unfamiliar with a lot of programs. I have installed, adaware, spybot, avg antispyware, cleanup, win patrol, AntiVir Guard, and windows defender all because I have read other peoples posts. I know I probably don't need all of this but I didn't know what else to do. Also I am not too familiar with registry edits so I know I need to be careful if I have to change anything.

These are my computer's symptoms:

AntiVirGuard pops up 3 to 13 times saying trojan horses are detected what do I want to do? I usually select delete or block.

Then everything is usually ok until I get on the internet after which my computer redirects the sites I type in to a site called Jack9.com this happens every few minutes. Sometimes I get a bunch of popups in rapid succession and it freezes my computer. I have to restart windows explorer or restart the computer when this happens.

I have run every single previously mentioned program several times during startup and safe mode if possible and while they find things....they must be missing something because the problems continue.

I came across HiJack this and I have the log from the program. I am not completely sure what to do with it or if it can help but any assistance anyone can offer would be greatly appriciated. The log is below:
Logfile of ... Read more

A:Solved: Spyware, popups and keeps coming back HiJack this log included Please help

Read other 16 answers
RELEVANCY SCORE 61.6

Hi,

I just registered here but felt that you guys could hopefully help me out. I'm pretty good with computers and should be able to sort this mess out myself, but I just can't seem to get anywhere.

I'm using the latest version of Firefox and have never used Internet Explorer on this laptop. Lately I have been getting a lot of pop-ups from IE while browsing through Firefox and I'm guessing I have some sort of trojan or infection.

I have ran Windows Defender, McAfee, ATF Cleaner and Adaware but still have the same pop-ups. I've now just ran Hijack this and here is the log.
Logfile of HijackThis v1.99.1
Scan saved at 19:05:19, on 11/02/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Prog... Read more

Read other answers
RELEVANCY SCORE 61.6

Out of the blue today, I started getting these popups, and am unsure even how. They tried to tell me that I had the netsky worm, and to download their AV software to correct things.

It has also hijacked my IE browser, pointing me to some software site that does the same thing. Have pasted my DSS log, and attached the DSS extra file, and my Panda ActiveScan output.

Any help to exsponge my system of this garbage is much appreciated.

Thx!

Here is my DSS Log:

Deckard's System Scanner v20071014.68
Run by tcs on 2007-12-03 19:34:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2007-12-04 01:34:41 UTC - RP301 - Deckard's System Scanner Restore Point
66: 2007-12-03 22:33:07 UTC - RP300 - System Checkpoint
65: 2007-12-02 17:46:26 UTC - RP299 - System Checkpoint
64: 2007-11-30 02:39:20 UTC - RP298 - System Checkpoint
63: 2007-11-28 16:56:18 UTC - RP297 - System Checkpoint


-- First Restore Point --
1: 2007-09-06 05:20:28 UTC - RP235 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).
System Drive C: has 6.89 GiB (less than 15%) free.


-- HijackThis (run as tcs.exe) -------------------------------------------------

Logfile... Read more

A:Constant Antivirus popups/browser hijack: worm.win32.netsky

Anyone able to help with this one, or is there any further detail that I can give that would help?

Thanks in advance!

Read other 8 answers
RELEVANCY SCORE 61.2

For the last few days my computer has been overwhelmed with popups regarding security issues.

In the lower right taskbar where the time is located, a flashing X icon has appeared. Upon clicking it, I am directed to http://www.virprotect.com/?aff=1012 which looks pretty shady. There is also a yellow Icon that has appeared, and it directs me to a similar site.

Aside from that, I've been flooded with popups. An examples is "Critical System Warning! Your system is probably infected with the latest version of Spyware Cyborg-X."

I've tried to run Telus E-protect for virus and spyware scans, to no avail. After a short period of time I receive a message saying "Telus eProtect has encountered an error and must be restarted. Important: If you do not restart Telus eProtect, the services you have enabled will not be protecting your computer."

Occaisonally a pop up will appear as Microsoft Office, and try to install itself, or download something onto my computer. I'm not really sure, as I click cancel before it has a chance to do too much. All these problems are definately worrying me. Any help is appreciated.

Here is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:53 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\... Read more

A:Spyware - popups , system alerts, attempted installations etc. - Hijack this included

Bump?
 

Read other 1 answers
RELEVANCY SCORE 60.4

Hi, just wanted to see if someone can help me with my HIJACK THIS log ..im getting popups all the time on my computer - i have scanned with VUNDO FIX and VIRTUMUNDOBEGONE and nothing has changed - microsoft forum suggests i have MALWARE but can't get rid of it ... I NEED URGENT HELP _ PLEASE ... IE also keeps crashing ... problem started when Automatic updates turned off mid last week - have tried to restart in "services" but can not get it to start the error i get when trying to turn it on is [ COULD NOT START THE AUTOMATIC UPDATE SERVICE ON LOCAL COMPUTER - ERROR 1058 - THE SERVICE CANNOT BE STARTED, EITHER BECAUSE IT IS DISABLED OR BECAUSE IT HAS NO ENABLED DEVICES ASSOCIATED WITH IT ] ...i have made sure the device is enabled in sevices but still will not start - from then on i have had [ USERINIT.EXE APPLICATION ERRORS ] and [ RUNDLL32.EXE APPLICATION ERRORS ] and i have to start explorer.exe in task manager. My virus software is NORTON 360 ...My HIJACK THIS (version 2) Log follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:06:53 PM, on 2/06/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC... Read more

A:Need Help Urgent ! Popups, Ie Crasing, Automatic Updates Won't Turn On - Hijack This Log Included --- Arrrrh Need Help...

Hello Aussie-with-xp-issue and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Additional Folder S... Read more

Read other 11 answers
RELEVANCY SCORE 58.4

Hello.Figure I should give some background to my problem first. I'm not sure exactly WHEN this started happening, but it began with my Firefox search engines. The normal Google searchbar in the top right was replaced by an imposter. The icon shown is the old google logo I believe (G in a square), and when I search it redirected me to some search-wish.com Google fake. I fixed it once by uninstalling/reinstalling FF but it came right back. Additionally, when I search through the Google.com site, about 75% of the time I click on a result I get redirected, yet again, to some fake search engine.More recently I've been experiencing random popups. I'll be happily minding my own business when suddenly an IE window pops up or a new FF tab opens up. I never really noted the sites that popped up but they certainly weren't anything I had any interest in. Finally, my computer will WAY slow down at points, and I'll load up the task manager and see a file with a name like "15bxP7LG.exe" running.As it stands, I'm sort of at a dead end. I've ran HiJackThis and pasted the logfile into HiJackThis.de, removing anything that seemed nasty. I've ran Spybot Search & Destroy, updated, immunized, and then searched for problems, but alas nothing has helped in the slightest.Here's the DDS log file. Thanks in advance!DDS (Ver_10-03-17.01) - NTFSx86 Run by Administrator at 2:56:21.57 on Fri 06/18/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersi... Read more

A:Firefox Search Hijack, Popups, etc.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.One or more of the identified infections is a Backdoor Trojan. - TDSS rootkitThis could allow hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain ... Read more

Read other 3 answers
RELEVANCY SCORE 58

After being asked to install a program while browsing online, I chose Decline, yet the program and its accompanying programs were installed anyway. I believe the main culprit was something called v9, which seemed to hijack my browser.
I'm using Windows 7 OS, Microsoft Security Essentials for anti-virus and later installed Malwarebytes trying to resolve the issue. Running MB in safe mode seems to have cleared up most of the apparent issues but now my IE is missing and I occasionally receive ads for video or media programs (within pages I'm sure they aren't native to) while using Firefox w/ NoScript. Also, I still see IdleCrawler, one of the other malware installed, in task manager.

Other steps taken include DDS, Defogger, MBRcheck, and rootkitunhooker 3.8, in an attempt to detect remaining threats.

A:Internet Explorer gone, ad popups in Firefox (V9 hijack?)

Hello DiegnoWe need to remove safe.v9.com from your browser add ons / extensions, what one(s) are you using?Please also run these.......Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and s... Read more

Read other 9 answers
RELEVANCY SCORE 58

I cant figure out what im missing and i dont really know how to read the HJK log so i thought i would post it to see if i could get some help. My main problem is that im getting Internet explorer popups everytime i open/change/refresh a page, what really upsets me is that its in firefox?!? Either way, i have run Spybot, Adaware, and CCleaner and they find nothing each time (yes i updated).

Logfile of HijackThis v1.99.1
Scan saved at 2:04:00 AM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\utorrent\utorrent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Owner\Desktop\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize... Read more

A:Internet Explorer popups using firefox..? HiJack log

I can't see anything there so try this

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
Click the Free Trial link under "Downloads/SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:

[*]Sweep Memory
[*]Sweep Registry
[*]Sweep Cookies
[*]Sweep All User Accounts
[*]Enable Direct Disk Sweeping
[*]Sweep Contents of Compressed Files
[*]Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
 

Read other 1 answers
RELEVANCY SCORE 57.2

Hello,
I believe that my computer has recently come down with a bug.

Often when I click links from a google search in chrome or firefox on my computer I get popups.

I figured that I had something so I ran Malware's Antimalware, but to no avail. So then I ran CCleaner and cleaned my caches, and using CMD flushed my DNS. Next I tried panda antivirus, superanti-virus, macaffee antivirus, and now AVG antivirus.

All have either come up with a trojan and then gotten rid of it, or said I was fine.

I notice that when I start up if I try to do something too far after it has started the startup process, it doesn't always get done. For example, if I try to pull up the task manager without already opening it right when I turn the computer on, it doesn't always work.

Recently, the computer has been stalling and freezing up or not shutting down.

Any help is greatly appreciated.

- noa

A:Think I've got a browser hijack? Firefox & chrome have popups all the time

Hello,I believe that my computer has recently come down with a bug.Often when I click links from a google search in chrome or firefox on my computer I get popups.I figured that I had something so I ran Malware's Antimalware, but to no avail. So then I ran CCleaner and cleaned my caches, and using CMD flushed my DNS. Next I tried panda antivirus, superanti-virus, macaffee antivirus, and now AVG antivirus.All have either come up with a trojan and then gotten rid of it, or said I was fine.I notice that when I start up if I try to do something too far after it has started the startup process, it doesn't always get done. For example, if I try to pull up the task manager without already opening it right when I turn the computer on, it doesn't always work.Recently, the computer has been stalling and freezing up or not shutting down.Any help is greatly appreciated.- noaOk firstly I would remove some of those tools, too many tools often does more harm than good. Try booting into safe mode with networking.Run Malwarebytes full scan. Malwarebytes is a great program and it does a good job.

Read other 3 answers
RELEVANCY SCORE 56.8

my friend's computer acquired a very complex infection on the morning of the 28th. i'm a fairly sophisticated user (your worst nightmare?) and so have tried to remove it. at this point i want to post here for possible help as well as to alert you, and others, to the impressive complexity of this infection.

to the best of my friend's recollection:
- the infection seemingly started when visiting a professional site (with firefox) that had been hacked (unfortuantely she doesn't recall which site..., but it was a site that came up in google when searching for "Understanding the Immune System How It Works". the site in question doesn't seem to come up in a seach that i did just now.
- surprisingly firefox launched IE!
- then all sorts of other popups started popping up.
at this point i came onto the scene:
- rebooted. once firefox was started, about every two minutes a new firefox window would open browing to a certain site (sorry don't recall the name of this either and i now have the infected computer offline so that it doesn't reinfect fully). however i saw mention of this site on other posts that i can't now find. it was a short name like 7 characters .com. starting with i i think....
- if firefox is not running then this doesn't happen. however all browsers and other apps are blocked from a number of sites (virus & help related)
- anyway, even tho i verified (by adding a entry) that the usual hosts file is in use, many virus removal sites (mcaffe.com for in... Read more

A:Firefox popups, hostfile-like redirects, hijack can't remove possible infection, and more

forgot to mention that i tried removing the mlJDVPJD.dll using hijackthis' remove file at reboot function. even that doesn't get rid fo the file!

am now attaching the dds logs that i just ran. not sure why your instructions ask that the dds.txt be inserted directly into the conversation here?? i'll do that if important. otherwise, i would just as soon keep the discussion itself cleaner by attaching logs.

also from the attach.txt, it seems that this infection even ran a system savepoint as the savepoints are at just at the time of infection.

we had already found an issue with the savepoints as that's one of the 1st things that i wanted to try, reverting to previous savepoint. indeed my friend thought that she had made other savepoints. but none were to be found. did the infection get rid of them? this is really a nasty creature!!!

Read other 4 answers
RELEVANCY SCORE 49.2

I'm trying to fix my parents' computer (Running Vista). They recently got highspeed internet and they have Norton and Windows Defender installed and running, but they're having constant popups in new windows and tabs. Always different sites. They also are getting the fake windows security pages. Only a few times has this happened with Firefox, but it's happening constantly with IE. When you initially start IE you get upwards of 6 tabs of random links. I desperately need help. I'm having a hard enough time explaining the "new internet" to my parents who have only ever had dial-up without having popups every few minutes.I've run HijackThis, but I wasn't sure if I was supposed to be in safemode or not. So here's the log running in normally.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:05:30 AM, on 5/5/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\hp\support\hpsysdrv.exeC:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exeC:\Windows\System32\rundll32.exeC:\Windows\RtHDVCpl.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\P... Read more

A:Ie And Firefox Popups/tabs Constantly, Also Fake Security Popups

Hello jenntegt, Glad to see you are helping your parents fix this computer. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

Read other 2 answers